Accessing A Public Website Is Not A Crime, And Craigslist Should Back Away From Its Lawsuit Claiming Such

from the bad-legacy dept

We’ve written a few times about Craigslist’s unfortunate and misguided lawsuit against 3taps and Padmapper, companies which aggregated Craigslist data, allowing others to build useful services on top of Craigslist, driving additional traffic and usage back to Craigslist. It’s upsetting on the basic level that Craigslist is attacking companies that make its data more useful, and it’s doubly upsetting given that Craigslist itself is generally such a big supporter of basic internet freedoms and good policy online. To see it so aggressively attack some other innovators — with very broad and dangerous interpretations of both copyright law and the Computer Fraud and Abuse Act (CFAA) is immensely troubling. Perhaps more troubling is that the district court initially bought some of Craigslist’s expansive arguments on both fronts (while pushing back on the most extreme arguments). Still, the ruling was dangerous on many levels, and now the EFF (which often works with Craigslist on things) has filed an amicus brief arguing against this dangerous interpretation.

Specifically, the EFF is (quite reasonably) concerned about the court’s ruling that said because Craigslist sent a cease and desist letter to 3taps, and 3taps changed its IP address and continued visiting Craigslist’s site, that it had violated the CFAA — even though the website was freely available to the public.


The CFAA does not and should not impose liability on anyone who accesses information
publicly available on the Internet. Because the CFAA and Penal Code § 502 imposes both civil and
criminal liability, it must be interpreted narrowly. That means information on a publicly accessible
website can be accessed by anyone on the Internet without running afoul of criminal computer
hacking laws. In the absence of access, as opposed to use, restrictions, Craigslist cannot use these
anti-hacking laws to complain when the information it voluntarily broadcasts to the world is
accessed, even if it is upset about a competing or complementary business.

EFF points out, both in its blog post and in its filing, how much Craigslist itself benefits from an open internet, and why it’s not good that it’s now fighting against that very principle.


But benefits to this openness remain and Craigslist itself is a notable example of these
benefits. Craigslist provides a popular and wide reaching classified advertising service, allowing
people to post mostly free classified ads that can be seen by anyone anywhere in the world without
charge. Craigslist claims that 60 million people use Craigslist in the United States each month, that
100 million classified ads are posted each month and that the site receives 50 billion page views
per month. It receives 2 million new job postings a month, supports advertisements posted in 13
different languages and has more than 700 local sites in 70 countries. It is one of the 25 most
visited websites in the United States.

Craigslist’s enormous success is a result of its openness: anyone anywhere can access any
of its websites and obtain information about apartments for rent, new jobs or cars for sale. Its
openness means that Craigslist is the go to place on the web for classified ads; it users post on
Craigslist because they know their ads will reach the largest audience.

But what Craigslist is trying to do here is to use the CFAA’s provisions to enforce the unilateral determinations it has made concerning access to its website, an Internet site that it has
already chosen to open up to the general public, attempting to turn a law against computer hacking
into a new tool. But prohibiting access to an otherwise publicly available website is not the type of
harm that Congress intended to be proscribed in the CFAA, and nowhere in the legislative history
is there any suggestion that the CFAA was drafted to grant website owners such unbridled
discretion.

Hopefully the court recognizes the troubles of its earlier ruling, and Craigslist also recognizes the folly of this approach.



Filed Under: ,
Companies: 3taps, craigslist, eff, padmapper

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Accessing A Public Website Is Not A Crime, And Craigslist Should Back Away From Its Lawsuit Claiming Such”

Subscribe: RSS Leave a comment
24 Comments
Ninjasays:

I just love when the EFF/ACLU stand firmly in their positions despite the fact that it may lead them to go against usual partners (this case) or even support extremist groups such as the ACLU supporting KKK in their First Amendment rights.

This kind of attitude show lack of bias. This builds trust. This drives my money to their pockets.

RyanNerdsays:

Reason for CL behavior -- Their TOS is very closed

This is specific to posting, but shows the CL mindset:

It is expressly prohibited to post content to craigslist using any automated means. Users must post all content personally and manually through all steps of the posting process. It is also expressly prohibited for any user to develop, offer, market, sell, distribute or provide an automated means to perform any step of the posting process (in whole or in part). Any user who develops, offers, markets, sells, distributes or provides an automated means to perform any step of the posting process (in whole or in part) shall be responsible and liable to CL for each instance of access to craigslist (by any user or other third party) using that automated means.

John Fendersonsays:

Re: Re: Reason for CL behavior -- Their TOS is very closed

It is also expressly prohibited for any user to develop, offer, market, sell, distribute or provide an automated means to perform any step of the posting process (in whole or in part).

It’s hard to see how this is enforceable. Even if it is, there’s an obvious time-honored workaround in the software industry: the chinese firewall. Have a user merely describe exactly what what steps are required to perform the various functions, and have a non-user write the software that implements those steps.

art guerrillasays:

Re: Re: Re: Re: Reason for CL behavior -- Their TOS is very closed

it was hard to see how Amex’s TOS were enforceable, and yet they just were upheld on appeal…

NOW, ALL stupid fucking EULA’s, TOS’s, etc are going to be sitting pretty with this ruling…

in other words: SNAFU, we are screwed, the korporadoes are king…

good luck with that revolution, digital serfs…

art guerrilla
aka ann archy
eof

out_of_the_bluesays:

Commercial use versus public users.

A major distinction between the entities that Craigslist offers its data to. It’s unfair competition for another business to use Craigslist data. It’s not public like facts of the score in a baseball game, it’s generated by Craiglist, as is the underlying draw of the managed biz.

Not that I’m for Craigslist. Nor is that apparently their argument: I’d guess because anti-trust has been morbid since the 80’s.

Still, the principles are clear: 3taps and Padmapper don’t pay for the value they get, nor visibly return any, only GRIFT off Craigslist. — If your business relies on someone else to do the work, then it’s a GRIFTING BUSINESS MODEL.

It’s clear that Mike worries about the ignore “sunk (or fixed) costs” business model of his grifter pals being found illegal.

Since Craigslist has tried repeatedly to dissuade such use and 3taps and Padmapper are informed that they’re not authorized, then it’s definitely a valid case.

If I were the judge, though, I’d strongly imply that the parties should settle out of court with some nominal fee to Craigslist.

Take a loopy tour of Techdirt.com! You always end up same place!
http://techdirt.com/
Every “new business model” here requires first getting valuable products — especially money and labor — for free.
04:07:20[f-50-2]

Anonymoussays:

Re: Re: Commercial use versus public users.

If your business relies on someone else to do the work, then it’s a GRIFTING BUSINESS MODEL.

Craigslist’s entire business model is based on users posting things on Craigslist; in other words, Craigslist sits back and relies on its users to do the work. By that logic, Craigslist is “Grifting” as much as 3taps and Padmapper, perhaps more.

PaulTsays:

Re: Re: Commercial use versus public users.

“It’s not public like facts of the score in a baseball game, it’s generated by Craiglist”

Yes, it’s not facts – it’s content provided by people other than Craigslist (their users). The list is generated by an algorithm, but the data contained within that list is not created by them.

“If your business relies on someone else to do the work, then it’s a GRIFTING BUSINESS MODEL.”

It’s worth repeating that Craigslist do exactly this, unless you’re going to try and claim that the software and platform are “the work”. In which case you’re agreeing that the 3rd parties in this case are already doing their own work, and thus your argument is inapplicable.

It’s not often you see people destroy their own arguments in the process of making them, but this is you…

Pragmaticsays:

Cathy,

have you EVER heard of “The Phone Book?”

This also take information available elsewhere and makes it publicly available. Is this grifting?

When sending traffic to a service IS the MO and end game of a service, it’s DEMONSTRABLY not grifting.

I presume you feel the same way about those city maps for tourists. They use company logos, don’t they?

Histrionic response in 3…2…1…

Graham Jsays:

Accessible == redistributable?

I’m not sure I agree that just because something is publicly available on the internet that anyone else can copy and post that information on their own site, particularly for commercial gain. What if instead of ads these were pictures or videos? Would it still be ok in your mind, Mike, for some other site to scrape that content and publish it themselves, even if with attribution?

I’m not a fan of litigation over these sorts of things in general but I can’t help but see CL’s point here.

Anonymoussays:

Re: Re: Accessible == redistributable?

Using Padmapper as an example, how it works is that users search for apartment rentals, Padmapper gets data from various sites, and then gives users links to those sites. It drives more traffic to those sites by making their data more easily searchable, in essence making those sites more valuable. It’s the exact same as a site like Expedia or Travelocity aggregating flight lists so users can compare prices. Craigslist gains, Padmapper gains, the user gains. Craigslist is not harmed.

Mike Masnicksays:

Re: Re: Accessible == redistributable?

I’m not sure I agree that just because something is publicly available on the internet that anyone else can copy and post that information on their own site, particularly for commercial gain.

That’s not the argument that anyone in this case has made.

Would it still be ok in your mind, Mike, for some other site to scrape that content and publish it themselves, even if with attribution?

Again, that’s unrelated to the question of whether this is a CFAA violation.

Ed C.says:

I don’t know if those sites’ use of Craigslist run afoul of the Terms of Service agreement, but most mundane violations are not hacks. If accessing a service that’s open to the pubic is “hacking”, then accessing a store that’s open to the public is “trespassing”.

To put this into a real world context, stores usually have policies that dictate what is or isn’t appropriate conduct for their patrons. These include the typical “no shirt, no shoes, no service” policy, or being overly loud or rude to other customers. Even though none of them are inherently illegal, they can get you escorted out by store security all the same. The store can even refuse service to repeat offenders. These are the sorts of things that are akin most the typical website TOS violations.

However, getting into things that private to an individual or to the company is what crosses the line. Things like digging through a customer’s unattended bag or picking the lock on the managers office can get you arrested. Similarly, hacking involves unauthorized access to information or services that are private to an individual or to the company. Things like bypassing an authentication system to access individual email accounts or gaining access to a website’s internal database.

John William Nelsonsays:

Craigslist should have used Trespass to Chattels

This isn’t a hacking case. They keep it open, there are consequences for having the data open. Sending a cease and desist shouldn’t result in CFAA or Copyright liability (criminal or otherwise).

It might be a trespass case, however, if 3tap’s and Padmapper’s use causes unreasonable loads on Craigslists servers.

Courts should do more to require plaintiffs to file the correct type of lawsuit with the correct type of remedy.

MonkeyFracasJrsays:

"Drive more traffic to site"

Before I make my point I want to say that I personally feel CraigsList is somewhat short sighted of its own potential and usefulness to the public.

That said, the argument that driving more viewers to a website through aggregation has a “hole” in it. The opinion fails to consider that the website may have specific interests in how its site is viewed. There may be analytics valuable to the site that are tainted or completely ruined by allowing third party methods for finding the data. My analogy is supermarket or “big-box” store marketing. All of the offerings in a store are rarely laid out in logical fashion, items grouped together with similar items. There is a degree of randomness, and pairing of complimentary items. This forces the shopper to spend a little more time seeking things out with the hope that they will find more to buy, things they may have forgotten or better yet impulse purchases. Certainly this is for the vendor’s benefit not the consumer’s.

And certainly this is a possible explanation for any site’s motivation to dis-allow third party “helpers” when they seem to have no interest in providing similar services them selves.

John Fendersonsays:

Re: Re: "Drive more traffic to site"

I don’t think that’s a “hole” in the argument at all. If someone has visited the site as a result of using the app, the app has driven traffic to the site.

If CL (for instance) really objects to people bypassing all the clicks needed to get to a particular listing, it would be trivial for them to prevent that from working. Resorting to lawsuits is totally unnecessary.

naschsays:

Re: Re: "Drive more traffic to site"

My analogy is supermarket or “big-box” store marketing. All of the offerings in a store are rarely laid out in logical fashion, items grouped together with similar items.

And it would not be illegal to make an app that lets someone input their shopping list and then give them directions around the store to get everything in the quickest manner possible.

MonkeyFracasJrsays:

Publicly Available !!??

The CFAA does not and should not impose liability on anyone who accesses information publicly available on the Internet. Because the CFAA and Penal Code ? 502 imposes both civil and criminal liability, it must be interpreted narrowly. That means information on a publicly accessible website can be accessed by anyone on the Internet without running afoul of criminal computer hacking laws. In the absence of access, as opposed to use, restrictions, Craigslist cannot use these anti-hacking laws to complain when the information it voluntarily broadcasts to the world is accessed, even if it is upset about a competing or complementary business.
[emphasis added]

What about the recent case where someone got jail time by simply changing the querystring in the URL to find other users’ information???!!!

https://www.techdirt.com/articles/20101008/04054011333/is-passing-query-string-data-in-referral-urls-a-privacy-violation.shtml

http://www.techdirt.com/articles/20111015/20563516374/company-thanks-guy-who-alerted-them-to-big-security-flaw-sending-cops-bill.shtml

naschsays:

Re: Re:

However re-publishing (not simply accessing or copying) copyrighted data from a public website is clearly copyright infringement.

If that’s what they’re doing, which I understand they’re not. And if classifieds are subject to strong copyright protection. And if CL, rather than the users, owns the copyright on them.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Report this ad??|??Hide Techdirt ads
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
12:25 Australian Privacy Commissioner Says 7-Eleven Broke Privacy Laws By Scanning Customers' Faces At Survey Kiosks (6)
10:50 Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim (45)
10:45 Daily Deal: The All-in-One Microsoft, Cybersecurity, And Python Exam Prep Training Bundle (0)
09:43 Want To Understand Why U.S. Broadband Sucks? Look At Frontier Communications In Wisconsin, West Virginia (8)
05:36 Massachusetts College Decides Criticizing The Chinese Government Is Hate Speech, Suspends Conservative Student Group (71)
19:57 Le Tigre Sues Barry Mann To Stop Copyright Threats Over Song, Lights Barry Mann On Fire As Well (21)
16:07 Court Says City Of Baltimore's 'Heckler's Veto' Of An Anti-Catholic Rally Violates The First Amendment (15)
13:37 Two Years Later, Judge Finally Realizes That A CDN Provider Is Not Liable For Copyright Infringement On Websites (21)
12:19 Chicago Court Gets Its Prior Restraint On, Tells Police Union Head To STFU About City's Vaccine Mandate (158)
10:55 Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones (8)
10:50 Daily Deal: The MacOS 11 Course (0)
07:55 Suing Social Media Sites Over Acts Of Terrorism Continues To Be A Losing Bet, As 11th Circuit Dumps Another Flawed Lawsuit (11)
02:51 Trump Announces His Own Social Network, 'Truth Social,' Which Says It Can Kick Off Users For Any Reason (And Already Is) (100)
19:51 Facebook AI Moderation Continues To Suck Because Moderation At Scale Is Impossible (26)
16:12 Content Moderation Case Studies: Snapchat Disables GIPHY Integration After Racist 'Sticker' Is Discovered (2018) (11)
13:54 Arlo Makes Live Customer Service A Luxury Option (8)
12:05 Delta Proudly Announces Its Participation In The DHS's Expanded Biometric Collection Program (5)
11:03 LinkedIn (Mostly) Exits China, Citing Escalating Demands For Censorship (14)
10:57 Daily Deal: The Python, Git, And YAML Bundle (0)
09:37 British Telecom Wants Netflix To Pay A Tax Simply Because Squid Game Is Popular (32)
06:41 Report: Client-Side Scanning Is An Insecure Nightmare Just Waiting To Be Exploited By Governments (35)
20:38 MLB In Talks To Offer Streaming For All Teams' Home Games In-Market Even Without A Cable Subscription (10)
15:55 Appeals Court Says Couple's Lawsuit Over Bogus Vehicle Forfeiture Can Continue (15)
13:30 Techdirt Podcast Episode 301: Scarcity, Abundance & NFTs (0)
12:03 Hollywood Is Betting On Filtering Mandates, But Working Copyright Algorithms Simply Don't Exist (66)
10:45 Introducing The Techdirt Insider Discord (4)
10:40 Daily Deal: The Dynamic 2021 DevOps Training Bundle (0)
09:29 Criminalizing Teens' Google Searches Is Just How The UK's Anti-Cybercrime Programs Roll (19)
06:29 Canon Sued For Disabling Printer Scanners When Devices Run Out Of Ink (41)
20:51 Copyright Law Discriminating Against The Blind Finally Struck Down By Court In South Africa (7)
More arrow